Wed.Mar 20, 2019

article thumbnail

Hydro Hit by LockerGoga Ransomware via Active Directory

Data Breach Today

Targeted Crypto-Locking Malware Attack Follows French Firm Being Hit Aluminum giant Norsk Hydro has been hit by LockerGoga ransomware, which was apparently distributed to endpoints by hackers using the company's own Active Directory services against it. To help safeguard others, security experts have called on Hydro to release precise details of how it was hit.

article thumbnail

Zipcar Disruption

Schneier on Security

This isn't a security story, but it easily could have been. Last Saturday, Zipcar had a system outage : "an outage experienced by a third party telecommunications vendor disrupted connections between the company's vehicles and its reservation software.". That didn't just mean people couldn't get cars they reserved. Sometimes is meant they couldn't get the cars they were already driving to work: Andrew Jones of Roxbury was stuck on hold with customer service for at least a half-hour while he and

IT 100
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The CISO's Role in AppSec

Data Breach Today

Craig Goodwin of CDK Global on Adding Security to Development As CSO of CDK Global LLC, Craig Goodwin has been part of the rollout of a new API platform that he believes will revolutionize automotive purchasing. Goodwin offers his perspective on security's role in application DevOps.

Security 226
article thumbnail

Google white hat hacker found new bug class in Windows

Security Affairs

James Forshaw, a white hat hacker at Google Project Zero, has discovered a new class of bugs that affect Windows and some of its drivers. Google Project Zero hacker James Forshaw discovered a new class of flaws that reside in some of the kernel mode drivers in Windows that could allow attackers to escalate privileges. The flaws are caused by the lack of necessary checks when handling specific requests.

Access 94
article thumbnail

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

article thumbnail

Groups Ask FDA to Rethink Some Medical Device Cyber Proposals

Data Breach Today

Agency Receives Critique on Draft of Premarket Medical Device Cyber Guidance Update The FDA is generally on the right track in updating guidance for the cybersecurity of premarket medical devices. But a variety of changes are needed, say some of the healthcare sector companies and groups that submitted feedback to the agency.

More Trending

article thumbnail

Securing the Hyper-Connected Enterprise

Data Breach Today

Cequence Security's Larry Link on Defending the New Norm In today's hyper-connected enterprise, organizations are at risk of two different types of attack. Larry Link, CEO of Cequence Security, explains how to defend at a platform level - without adding friction.

Security 216
article thumbnail

The Insider Threat: It's More Common Than You Think

Dark Reading

A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.

IT 78
article thumbnail

Former Hacktivist: Why Persistence Is Key

Data Breach Today

Hector Monsegur Seeks Redemption by Offering Advice to Security Executives At ISMG's Fraud Summit in New York, former Black Hat hacker and hacktivist Hector Monsegur explains why security executives need to listen to people like him and why attackers simply won't go away.

Security 174
article thumbnail

MyPillow and Amerisleep are the latest victims of Magecart gangs

Security Affairs

Security experts at riskIQ revealed today that another two organizations were victims of Magecart crime gang, the bedding retailers MyPillow and Amerisleep. Security experts at RiskIQ announced that the two bedding retailers MyPillow and Amerisleep were victims of the Magecart cybercrime gang. The Magecart umbrella includes at least 11 different hacking crews that has been active at least since 2015.

Retail 80
article thumbnail

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

article thumbnail

Managing Security Stack Sprawl

Data Breach Today

See how stateless technology can protect you from inbound attacks and more efficiently block outbound threats. See how stateless technology can protect you from inbound attacks and more efficiently block outbound threats.

Security 166
article thumbnail

Less Than 3% of Recycled Computing Devices Properly Wiped

Dark Reading

Researchers find that companies that refurbish or accept old equipment as donations don't necessarily clean them of data as promised.

92
article thumbnail

The Document that Microsoft Eluded AppLocker and AMSI

Security Affairs

Experts analyzed an Office document containing a payload that is able to bypass Microsoft AppLocker and Anti-Malware Scan Interface (AMSI), Introduction. Few days ago, during intel sources monitoring operation, the Cybaze-Yoroi ZLAB team encountered an interesting Office document containing some peculiarities required a deeper analysis: its payload includes techniques suitable to bypass modern Microsoft security mechanisms such as AppLocker , the application whitelisting security feature in pla

article thumbnail

Researchers Seek Out Ways to Search IPv6 Space

Dark Reading

Security researchers regularly search IPv4 address space looking for servers with ports exposing vulnerable software. With the massive number of IPv6 addresses, however, they have lost that ability. Can tricks and workarounds save the day?

article thumbnail

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

article thumbnail

Putty users have to download a new release that fixes 8 flaws

Security Affairs

PuTTY Releases Important Software Update to Patch 8 High-Severity Flaws. The popular SSH client program PuTTY has released an important software update to address eight high-severity security vulnerabilities. PuTTY is one of the most popular open-source software that allows users to access computers over SSH, Telnet, and Rlogin network protocols. The popular SSH client program PuTTY has released an important software update (version 0.71) for Windows and Unix operating systems, to address eight

article thumbnail

TLS 1.3: A Good News/Bad News Scenario

Dark Reading

Stronger encryption standards are improving the privacy of data in motion, but enterprises will need to adapt their security architectures to maintain visibility into network traffic.

article thumbnail

Six things you need to address for a successful digital transformation (Part 1)

TAB OnRecord

Migrating to electronic business processes? Scanning your record collections? Whatever the next phase of your digital transformation looks like, there are a number of important elements to consider. To help you prepare for the next stage of your journey, here we outline three of six key elements of a successful digital transformation. When planning [.

article thumbnail

ISO 27001 Lead Implementer, Lead Auditor and Internal Auditor: What’s the difference?

IT Governance

Anyone interested in getting into or advancing their career in cyber security probably knows that they will need training and qualifications. But given that the field is so broad, how are you supposed to decide which course is right for you? This blog will help you make that decision. We take three of our most popular training courses – ISO27001 Certified ISMS Internal Auditor , ISO27001 Certified ISMS Lead Auditor and ISO27001 Certified ISMS Lead Implementer – and explain what they cover and

article thumbnail

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

article thumbnail

Years-Long Phishing Campaign Targets Saudi Gov Agencies

Threatpost

The campaign, codenamed “Bad Tidings,” has sought out victims’ credentials with clever fake landing pages pretending to be the Saudi Arabian Ministry of Interior’s e-Service portal.

article thumbnail

BEC Scammer Pleads Guilty

Dark Reading

Business email compromise (BEC) operation resulted in $100 million in losses to a multinational technology company and a social media firm, according to the US Attorney's Office.

62
article thumbnail

Digital Preservation futures: looking ahead to 2030….

Preservica

Much of the discussion in the digital preservation community often focuses on the ‘here and now’. But how do we prepare for the future and the step changes we will undoubtedly see in the next ten years? After this year’s PASIG conference in vibrant Mexico City, Preservica ran a community panel session to debate the challenges of preserving digital content, with a focus on casting our minds forward 10 years to the year 2030.

article thumbnail

5G is coming, but the cloud is not going away (yet)

DXC Technology

The pixels had barely dried on my recent blog post about all the high-paying cloud jobs available now and in the future when I stumbled across a Forbes column speculating that 5G “could kill the cloud.” Investment advisor Jon Markham argues in his Forbes piece that “5G is so fast that it changes what is […].

Cloud 60
article thumbnail

How to Migrate From DataStax Enterprise to Instaclustr Managed Apache Cassandra

If you’re considering migrating from DataStax Enterprise (DSE) to open source Apache Cassandra®, our comprehensive guide is tailored for architects, engineers, and IT directors. Whether you’re motivated by cost savings, avoiding vendor lock-in, or embracing the vibrant open-source community, Apache Cassandra offers robust value. Transition seamlessly to Instaclustr Managed Cassandra with our expert insights, ensuring zero downtime during migration.

article thumbnail

Mac-Focused Malvertising Campaign Abuses Google Firebase DBs

Threatpost

Researchers said 1 million user sessions could have been exposed to the campaign, which downloads the Shlayer trojan.

article thumbnail

WiCyS event celebrates opportunities for women in data security field

Information Management Resources

The goal is to bring together intelligent, motivated women and girls from across the country to enhance their knowledge and opportunities in data security and to also get male allies to join us in that mission.

article thumbnail

Uber Deployed ‘Surfcam Spyware’ in Australia to Crush the Competition – Report

Threatpost

Until a report this week, Uber's Surfcam's use was thought to be limited to incidents uncovered in Singapore in 2017. For its part, Uber denies that it's a "spyware.".

IT 59
article thumbnail

'Critical' Denial-of-Service Bug Patched in Facebook Fizz

Dark Reading

Researchers report a now-patched DoS vulnerability in Facebook Fizz, its open source implementation of the TLS protocol.

IT 64
article thumbnail

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

article thumbnail

When your cloud migration plans should move away from ‘lift and shift’

DXC Technology

The easy approach to transitioning applications to the cloud is the simple “lift and shift” method, in which existing applications are simply migrated, as is, to a cloud-based infrastructure. And in some cases, this is a practical first step in a cloud journey. But in many cases, the smarter approach is to re-write and re-envision […].

Cloud 49
article thumbnail

Google Photos Bug Let Criminals Query Friends, Location

Dark Reading

The vulnerability, now patched, let attackers query where, when, and with whom victims' photos were taken.

63
article thumbnail

La cultura potrebbe prevalere sulla strategia, ma l’UX s’impone sulla cultura

DXC Technology

Peter Drucker ha giustamente detto “La cultura mangia la strategia a colazione”, come infatti si può dimostrare. Spesso, una strategia in corso da mesi in un’azienda per aumentare la produttività viene tranquillamente messa da parte dopo poche settimane perché non sta funzionando. I migliori piani potrebbero avere un senso compiuto, ma quando sottoposti a una […].

48